1. DATA PROTECTED DATABASE

Objectives



P-^^^ Data ("Generic SCPPD, is to 

(all the foregoing ^^LS^^^f^S^ " P"^' 

C'Date Subject") within a framework in wh,ch the Data sSrf,lSSl ^ ^ g " individual 
Specific examples of occasions in which this milt^ • , ? I 1 for SUch Pro ««i«g is sought. 
Data ContxoUe; operates within the confines of^D^^S D T ^"V^ whcf a 
voluntary codes in these or any other jurisdictions woddw^ D ^ves or any s.milar regulatory or 

d^o^ 

details, life stage details, life event deS t£JS£Sf* ^ ^ &MncW de£ **> 
relationship to the Data Controller anvTu^Z^ml, ^."^ de ^ s to the Data Subject's 



2. Business System

2.1 OVERVIEW 
2.1.1 Users 

Data Subject lo triuch they refet „d w ffl i„ „iTTi T^. 11,1 d " abl « : eeitetdless of ihe 

-» b. abie „ aee *-oi"S^^^.^^^»J^^ D- Subiec. 
password protected and limited Data Suhi«-« ~ w P , USer ^"P' and acc «s 's 

Controller! and the Data CoT^ ^y^T^T toV ^ *S ^ ^ COUntty 35 *« Data 
depending on the country of locationTth" Data S^ect" " ^ Itm 

2.1.2 Logical System Architecture

[Figure: logical system architecture, showing the "GENERIC SCPPD" SERVER, the DATA CONTROLLER and the DATA SUBJECTS.]
2.1.3 Screen Design



For the Data Controller all data entry screens can be used in search mode, enabling the Data Controller to locate Data on the basis of a Data Subject's name. For example, the Data Controller can enter a Data Subject's name, or a wildcard (denoted by a partial name followed by an asterisk), and the system will display the first occurrence of the name or the names that meet the wildcard criterion and allow the Data Controller to scroll through to the Data Subject required.
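The wildcard search described above, as an added example and not code from the specification or from Abattia: a small Python/SQLite function that turns either an exact name or a partial name followed by an asterisk into a parameterised query. The table and column names, the sample rows and the LIKE escaping are this example's own assumptions. The point for a practitioner is that the Data Controller's text is always bound as a parameter and has its LIKE metacharacters escaped, so the trailing asterisk is the only wildcard the user can express.

```python
from __future__ import annotations

import sqlite3

# Constructed sample DATA SUBJECT rows; not data from the specification.
# "Al_Fresco" carries an underscore, a LIKE metacharacter, to exercise the escaping.
SAMPLE_DATA_SUBJECTS = [
    (1, "Alice Smith"),
    (2, "Alison Smythe"),
    (3, "Bob Jones"),
    (4, "Al_Fresco"),
]


def open_sample_db() -> sqlite3.Connection:
    """In-memory DATA SUBJECT table loaded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE data_subject (data_subject_id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO data_subject VALUES (?, ?)", SAMPLE_DATA_SUBJECTS)
    conn.commit()
    return conn


def _escape_like(fragment: str) -> str:
    """Escape LIKE metacharacters so the Data Controller's text matches literally."""
    return fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_by_name(conn: sqlite3.Connection, query: str) -> list[tuple[int, str]]:
    """Look up Data Subjects by exact name, or by a partial name followed by '*'.

    The query text is bound as a parameter rather than spliced into the SQL,
    and LIKE metacharacters inside it are escaped, so the trailing '*' is the
    only wildcard the user can express.  Rows come back in ID order, so the
    first row is the "first occurrence" the screen shows.
    """
    if query.endswith("*"):
        pattern = _escape_like(query[:-1]) + "%"
        sql = ("SELECT data_subject_id, name FROM data_subject "
               "WHERE name LIKE ? ESCAPE '\\' ORDER BY data_subject_id")
        return conn.execute(sql, (pattern,)).fetchall()
    sql = ("SELECT data_subject_id, name FROM data_subject "
           "WHERE name = ? ORDER BY data_subject_id")
    return conn.execute(sql, (query,)).fetchall()
```

With the sample rows, `search_by_name(conn, "Al*")` returns Alice, Alison and Al_Fresco, while `"Al_*"` matches only Al_Fresco because the underscore is escaped rather than treated as a single-character wildcard.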



2.1.4 Data Fields 



Each Data Item will be classified as belonging to a Default Processing Group, which specifies how such a Data Item is to be Processed prior to explicit consent for processing being obtained from the Data Subject, i.e. the period between the data "going live" on the database following entry by the Data Controller and the first time it is verified by the Data Subject. This classification allows the Data Controller to account for different processing requirements or restrictions that might apply to particular types of data, such as the differing treatments of so-called "sensitive" and "non-sensitive" data under the UK's 1998 Data Protection Act.

Personal Data Items are those Data Items that relate to a specific Data Subject. Each Personal Data Item should be stamped with four elements of information:

• The date that the integrity of the Personal Data Item was last verified by the Data Subject (see 2.1.6, Integrity of Personal Data Item). This integrity is determined either by the item being viewed online or via a report returned to the Data Controller. This field is called Date-Last-Correct.

• The User ID of the last person to update the Personal Data Item. This field is called Last-Changed-By.

• The date the Personal Data Item was last updated. This field is called Last-Changed-On.

• Whether the Data Subject has consented to the Personal Data Item being subjected to the Specified Processing described by the Data Controller (see 2.1.5, Consent for Specified Processing).

2.1.5 Consent for Specified Processing 

The Data Controller will explicitly specify to the Data Subject all Processing that is to be performed on the Data Items, and also that Data Items are to be viewable over the Internet by the Data Subject.

2.1.6 Integrity of Personal Data Item 

If, having viewed a Personal Data Item, a Data Subject does not seek to change the Personal Data Item

2.1.7 Database Searching 
2.1.8 Proactive Consent



The Data Controller will be able to seek consent for the Processing of Personal Data Items, and confirmation of the integrity of Personal Data Items, from each Data Subject who is unable or chooses not to access the Generic SCPPD via the Internet. Printing and sending a report to the Data Subject for confirmation will achieve this.

2.1.9 Security 

The system will be protected against unauthorised access. The Data Controller will issue each Data Subject with a username and password with which to gain authorised access to the system.

2.1.10 Displaying Information 

All information is available to the Data Controller. The Data Subject can see his or her own Personal Data 
Items, either through the Internet, or from a printed/ e-mailed report supplied by the Data Controller. 

2.1.11 "Processing" of Personal Data Items 

As the Generic SCPPD is intended as a "generic" engine, no description is given herein of actual 
functionality or processes that might be associated with the Specified Processing. In practice however such 
functionality or processes might include, without limitation, obtaining, holding, storing, displaying, 
transferring, replicating, or the processing of Personal Data Items in any other way. It is assumed herein
that the Generic SCPPD will be integrated with any additional functionality actually required to achieve the 
Specified Processing. 
2.2 LOG-ON AND CONSENT FOR SPECIFIED PROCESSING



[Mock-up screen: Generic SCPPD, Log-on and Consent for Specified Processing. Fields: USERNAME; PASSWORD; Explicit Description provided by Data Controller to Data Subject of Specific Processing of Personal Data Items intended by Data Controller; button: I agree to the Specified Processing.]

Confidential

© Abattia Group Ltd., 2000

Date Created: 15th July 2000
Created by: Ben Van Every



2.2.1 Overview 

This function is the first accessed when the Data Subject visits the website. The function is used to identify the Data Subject to the system and to gain the Data Subject's consent over the web for the Specified Processing of Personal Data Items. The Data Controller can also log on to the system through this function.

When anyone signs onto the system, their username and password are validated against the UserName and UserPassword values on the USER table. If the ForcePasswordChange flag is set for the User, the user will be required to change his/her password. On successful validation of the username and password, if the User is identified as a Data Subject, determined by the value of the UserDataSubject flag on the USER table, the UserID will be used to determine the Data Subject record.

If the DataSubjectSpecifiedProcessingAgreed flag is not set (which will be the case when the Data Subject visits the site for the first time), the Data Subject will be presented with an explicit specification of all processing that is to be performed (the Specified Processing) on all Personal Data Items, and will be informed that Personal Data Items are to be viewable by the Data Controller and by the Data Subject. The Specified Processing will be taken from the SpecifiedProcessingText (held on the SPECIFIED PROCESSING table) that will be entered and maintained by the Data Controller (see 2.5, NEW SPECIFIED PROCESSING OF PERSONAL DATA ITEMS). If the Data Subject does not agree to this processing, he or she will not be allowed to proceed any further, and an e-mail will be generated and sent to the Data Controller so that the Data Subject can be contacted if necessary and the issue resolved. If the Data Subject does consent, then the Consent field (held on the PERSONAL DATA ITEM table) is updated to Y for all Personal Data Items for that Data Subject, the DataSubjectSpecifiedProcessingAgreed flag (held on the DATA SUBJECT table) is set to Y for that Data Subject, and the DataSubjectSpecifiedProcessingAgreedDate (held on the DATA SUBJECT table) is set to the current date.
On subsequent visits to the website, if the Data Subject has previously agreed to the Specified Processing (as indicated by the DataSubjectSpecifiedProcessingAgreed flag for the Data Subject) and the Specified Processing details have not changed in the meantime, they will not be required to agree to the same conditions again, though they will need to log on with their username and password.

2.2.2 Database & Tables 

The databases used during this business event are: 

• USER table 

• SPECIFIED PROCESSING table 

• DATA SUBJECT table 

2.2.3 Fields on the Screen
The contents of this screen are: 

Log-on-Username: uniquely identifies the user and is checked against the USER table. It is a maximum
of 20 alphanumeric characters. 

Log-on-Password: when entered, is hidden from the user and is encrypted when held on the database. It
is checked against the USER table in conjunction with the username. 

Log-on-Specified-Processing: an explicit specification of all processing that is to be performed on the 
Personal Data Items, including that Personal Data Items are to be viewable by the Data Controller and by 
the Data Subject. This is sourced from the SpecifiedProcessingText value in the SPECIFIED
PROCESSING table. 

Log-on-IAgreeToSpecifiedProcessing: on clicking this input button, the Data Subject consents to the 
Specified Processing in relation to the Personal Data Items, and this process updates the Consent field in 
all records on the PERSONAL DATA ITEM table for the Data Subject to Y. By agreeing to the Specified
Processing the Data Subject is then able to view each individual Personal Data Item separately through 2.3 
ENTRY OF PERSONAL DATA ITEM, and, if he/ she so wishes, to amend the Consent field value for 
logical groups of Personal Data Items to N. (Note, that by amending, this Consent value for any of the 
Data Subject's Personal Data Items, they are in effect denying themselves access to the website until they 
agree to the Specified Processing again). 

Log-on-IDoNotAgreeToSpecifiedProcessing: on clicking this input button, the Data Subject has declined the Specified Processing and the DataSubjectSpecifiedProcessingAgreed flag will remain as N. All Consent field values for all Personal Data Items will remain as N also. An e-mail will be generated and sent to the Data Controller detailing this declination event. The Data Subject will not be permitted any further access to the website beyond this Log-on page.
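The log-on flow of 2.2.1 and the two consent buttons of 2.2.3, as an added example that is not part of the specification or Abattia's code. Table and column names, the constructed users and the notification text are this example's own assumptions. The specification says only that the password is "encrypted" when held on the database; the example substitutes a salted PBKDF2-SHA256 hash with a constant-time comparison, and answers an unknown username and a wrong password identically (with the same hashing cost) so that the Log-on page does not reveal which usernames exist. The ForcePasswordChange and UserDataSubject flags, the DataSubjectSpecifiedProcessingAgreed check, and the Y/date updates on agreement follow the order the text gives.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import sqlite3
from datetime import date

# Assumption: the spec says only that the stored password is "encrypted"; this
# example uses salted PBKDF2-SHA256 (iteration count kept modest for the demo).
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'hexsalt$hexdigest' for storage in the UserPassword column."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)  # constant-time comparison


# Hashed once so an unknown username costs the same as a wrong password (no timing-based enumeration).
_DUMMY_HASH = hash_password("placeholder")

SCHEMA = """
CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE NOT NULL,
    user_password TEXT NOT NULL, force_password_change TEXT NOT NULL,
    user_data_subject TEXT NOT NULL, user_data_controller_email TEXT);
CREATE TABLE data_subject (data_subject_id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
    specified_processing_agreed TEXT NOT NULL, specified_processing_agreed_date TEXT);
CREATE TABLE personal_data_item (pdi_id INTEGER PRIMARY KEY, data_subject_id INTEGER NOT NULL,
    description TEXT NOT NULL, value TEXT, consent TEXT NOT NULL);
CREATE TABLE specified_processing (specified_processing_text TEXT NOT NULL);
"""


def open_sample_db() -> sqlite3.Connection:
    """Constructed sample rows (not the specification's data): one Data Controller, two Data Subjects."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    users = [(1, "controller", hash_password("Ctrl-pass-1"), "N", "N", "dc@example.invalid"),
             (2, "alice", hash_password("alice-pass-1"), "N", "Y", None),
             (3, "bob", hash_password("bob-pass-1"), "Y", "Y", None)]  # bob must change his password
    conn.executemany("INSERT INTO user VALUES (?, ?, ?, ?, ?, ?)", users)
    conn.executemany("INSERT INTO data_subject VALUES (?, ?, 'N', NULL)", [(10, 2), (11, 3)])
    conn.executemany("INSERT INTO personal_data_item VALUES (?, ?, ?, ?, 'N')",
                     [(100, 10, "Address", "1 Sample Street"), (101, 10, "Telephone", "0000 000000")])
    conn.execute("INSERT INTO specified_processing VALUES "
                 "('Your details will be used to send you statements.')")
    conn.commit()
    return conn


def log_on(conn: sqlite3.Connection, username: str, password: str) -> dict:
    """Validate the credentials and decide where the user goes next (2.2.1)."""
    row = conn.execute("SELECT user_id, user_password, force_password_change, user_data_subject "
                       "FROM user WHERE user_name = ?", (username,)).fetchone()
    if row is None:
        verify_password(password, _DUMMY_HASH)  # spend the same time as a real check
        return {"outcome": "denied"}
    user_id, stored, force_change, is_data_subject = row
    if not verify_password(password, stored):
        return {"outcome": "denied"}  # same answer as an unknown username
    if force_change == "Y":
        return {"outcome": "change_password", "user_id": user_id}
    if is_data_subject != "Y":
        return {"outcome": "data_controller", "user_id": user_id}
    ds = conn.execute("SELECT data_subject_id, specified_processing_agreed FROM data_subject "
                      "WHERE user_id = ?", (user_id,)).fetchone()
    if ds is None:
        return {"outcome": "denied"}
    data_subject_id, agreed = ds
    if agreed != "Y":  # first visit, or the Specified Processing has changed since
        text = conn.execute("SELECT specified_processing_text FROM specified_processing").fetchone()[0]
        return {"outcome": "consent_required", "data_subject_id": data_subject_id,
                "specified_processing": text}
    return {"outcome": "data_subject", "data_subject_id": data_subject_id}


def agree_to_specified_processing(conn: sqlite3.Connection, data_subject_id: int,
                                  today: date | None = None) -> int:
    """'I agree': Consent=Y on every Personal Data Item, flag=Y and date set. Returns items updated."""
    agreed_on = (today or date.today()).isoformat()
    with conn:  # one transaction, so the flag and the item consents cannot diverge
        cur = conn.execute("UPDATE personal_data_item SET consent = 'Y' WHERE data_subject_id = ?",
                           (data_subject_id,))
        conn.execute("UPDATE data_subject SET specified_processing_agreed = 'Y', "
                     "specified_processing_agreed_date = ? WHERE data_subject_id = ?",
                     (agreed_on, data_subject_id))
    return cur.rowcount


def decline_specified_processing(conn: sqlite3.Connection, data_subject_id: int) -> dict:
    """'I do not agree': nothing changes; returns the e-mail the system would send the Data Controller."""
    to = conn.execute("SELECT user_data_controller_email FROM user "
                      "WHERE user_data_subject = 'N'").fetchone()[0]
    return {"to": to, "subject": f"Data Subject ID: {data_subject_id} declined the Specified Processing"}
```

Calling `log_on` for alice the first time yields `consent_required` together with the SpecifiedProcessingText; after `agree_to_specified_processing` the same call yields `data_subject`, and every one of her Personal Data Items carries Consent Y.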
2.3 ENTRY OF PERSONAL DATA ITEM



[Mock-up screen: Generic SCPPD, Entry of Personal Data Item. Fields: DATA SUBJECT NAME; DATA SUBJECT ID; PERSONAL DATA ITEM DESCRIPTION; PERSONAL DATA ITEM VALUE; DEFAULT PROCESSING GROUP; DATE LAST CORRECT; LAST CHANGED BY / ON; CONSENT?; DATE CONSENT LAST AGREED.]



2.3.1 Overview

This function presents the basic information regarding a Data Subject, and allows the Data Subject to inform the Data Controller regarding a Personal Data Item relating to the Data Subject. Additionally, this function will allow the Data Controller to make available to the Data Subject over the Internet all Personal Data Items held relating to that Data Subject, and to gain confirmation from each Data Subject as to the integrity of the data. Furthermore, the screen allows the Data Subject to view whether he or she has consented to the Specified Processing, and to alter this election, if they so wish.

To Change Existing Information: the Data Subject selects a Personal Data Item Description from a drop-down list of those available (list contents are taken from the DATA ITEM table). The Data Subject overtypes with the new information in the Personal Data Item field and the form is submitted. If the Function Notification record indicates that notification is required for the amended Data Item, any change to the data held on this page is detailed in an e-mail automatically sent to the Data Controller.

To Add New Information: the Data Subject selects a Personal Data Item Description from the drop-down list of those available. The new Personal Data Item value information is entered into the Personal Data Item Value field and the form is submitted.

To Remove Information: the Data Subject selects the Personal Data Item from the drop-down list of 
those available. The Data Subject then clears the Personal Data Item Value by clicking on the Clear button 
or by deleting the contents, and the form is submitted. 

2.3.2 Database & Tables

The information on this screen is held on the PERSONAL DATA ITEM table. Other databases used are:

• FUNCTION NOTIFICATION table

• USER table

• BUSINESS FUNCTION ACCESS table

• DATA ITEM table

• DATA SUBJECT table



2.3.3 Tracking Changes

If the Data Subject changes the Personal Data Item value, the FUNCTION NOTIFICATION table is interrogated to determine whether the Data Controller wants to be notified about the change. If the Function Notification flag for the Data Item is set, then the UserID (held on the FUNCTION NOTIFICATION table) is retrieved and used to find the appropriate UserDataControllerE-mail address (held on the USER table), to which an automatically generated e-mail is sent with the following message in the Subject:

Data Subject ID: <Data Subject ID> changed their <Personal Data Item Description> from ######## to ######## on DD/MM/YYYY at HH:MM:SS.
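The four stamps of 2.1.4 (Date-Last-Correct, Last-Changed-By, Last-Changed-On, Consent), the change-tracking rule above, and the 2.6.1 rule that only a change made by the Data Subject triggers the e-mail, brought together in one added example that is not code from the specification or from Abattia. The FUNCTION NOTIFICATION and USER lookups are constructed in-memory dictionaries, the body text is this example's own, and the DD/MM/YYYY HH:MM:SS parsing helper is an assumption based on the display format in 2.3.4. The Subject line keeps the old and new values as `########`, as the template in 2.3.3 shows them, so the personal data travels only in the message body rather than in a subject line that mail relays routinely log in clear.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

TIMESTAMP_FORMAT = "%d/%m/%Y %H:%M:%S"  # the DD/MM/YYYY HH:MM:SS display format of 2.3.4


@dataclass
class PersonalDataItem:
    """One row of the PERSONAL DATA ITEM table carrying the four stamps from 2.1.4."""
    data_subject_id: int
    description: str
    value: str
    consent: str = "N"
    date_last_correct: datetime | None = None
    last_changed_by: str | None = None
    last_changed_on: datetime | None = None


# Constructed stand-ins for the FUNCTION NOTIFICATION and USER tables (not the spec's data).
# Only the Address Data Item is flagged for notification; user 1 is the Data Controller.
FUNCTION_NOTIFICATION = {"Address": {"notify": True, "user_id": 1},
                         "Telephone": {"notify": False, "user_id": 1}}
USER_DATA_CONTROLLER_EMAIL = {1: "dc@example.invalid"}


def parse_timestamp(text: str) -> datetime:
    """Parse a timestamp written in the screen's DD/MM/YYYY HH:MM:SS format."""
    return datetime.strptime(text, TIMESTAMP_FORMAT)


def subject_line(data_subject_id: int, description: str, when: datetime) -> str:
    """The Subject template from 2.3.3; old and new values stay masked as ########."""
    return (f"Data Subject ID: {data_subject_id} changed their {description} "
            f"from ######## to ######## on {when:%d/%m/%Y} at {when:%H:%M:%S}.")


def data_subject_views_item(item: PersonalDataItem, now: datetime) -> None:
    """Viewing counts as verifying: Date-Last-Correct is set after any view (2.3.4)."""
    item.date_last_correct = now


def update_item(item: PersonalDataItem, new_value: str, username: str,
                now: datetime, by_data_subject: bool) -> dict | None:
    """Apply a change, stamp the item, and return the notification e-mail, or None.

    A change by the Data Controller is stamped but never notified (2.6.1); a
    change by the Data Subject is notified only when the FUNCTION NOTIFICATION
    entry for the Data Item has its flag set.
    """
    old_value = item.value
    item.value = new_value
    item.last_changed_by = username
    item.last_changed_on = now
    if by_data_subject:
        item.date_last_correct = now  # the Data Subject has just confirmed the new value
    rule = FUNCTION_NOTIFICATION.get(item.description)
    if not by_data_subject or rule is None or not rule["notify"]:
        return None
    return {
        "to": USER_DATA_CONTROLLER_EMAIL[rule["user_id"]],
        "subject": subject_line(item.data_subject_id, item.description, now),
        "body": (f"{item.description} for Data Subject ID {item.data_subject_id} changed "
                 f"from '{old_value}' to '{new_value}' by {username}."),
    }
```

A Data Subject changing their Address produces the e-mail with the masked subject; changing Telephone (not flagged) or a change made by the Data Controller produces none, though the Last-Changed stamps are set in every case.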

2.3.4 Fields on the Screen

PDI-Data-Subject-ID: This is the unique identifier assigned to this Data Subject by the Data Controller. It is a maximum of 20 numeric characters.

PDI-Data-Subject-Name: This is the name of the Data Subject, which is initially entered by the Data Controller. In the instance that the Personal Data Item is the Data Subject's name, this field could instead be some other identifier of the Data Subject. It is a maximum of 100 alphanumeric characters long.

PDI-Personal-Data-Item-Value: This is an item of personal data relating to the Data Subject, which might include, without limitation, any of the following: name details, contact details, family details, health details, financial details, lifestyle details, life stage details, life events details, demographic details, any details relating to the Data Subject's relationship to the Data Controller, or any other such personal data. This is a maximum 400 alphanumeric character field.

PDI-Personal-Data-Item-Description: identifies the Data Item to which the Personal Data Item Value refers. The Data Subject can request a display of a specific item such as "Address" by selecting the description from a drop-down list. On selecting a description, the Personal Data Item Value held for that description against the Data Subject is displayed.

PDI-Default-Processing-Group: This specifies how a Data Item is to be Processed in the period prior to explicit consent for processing being obtained from the Data Subject, and as detailed in the Specified Processing. This classification allows for the Data Controller to take into account different processing requirements that may apply to particular types of data, such as the differing treatments of so-called "sensitive" and "non-sensitive" data under the UK's 1998 Data Protection Act.

PDI-Clear: The Personal Data Item Value for any given Data Item can be cleared out using this button. The form is then submitted to process the removal of data.

PDI-Date-Last-Correct: This field can be updated directly by the Data Subject, or will be set automatically after any view or change of the data item by the Data Subject. This is a date and time displayed in the format DD/MM/YYYY HH:MM:SS.

PDI-Last-Changed-By / On: This field represents the date of the last amendment (displayed in the format DD/MM/YYYY HH:MM:SS) and the username of the last person who updated the Personal Data Item Value (maximum 20 characters alphanumeric).

PDI-Consent: This field indicates that the Data Subject consents to the Specified Processing of the Personal Data Item. The Data Subject can withdraw consent for such usage by changing the contents of this field. If the Data Subject withdraws consent for the Specified Processing of this Personal Data Item, then the Data Subject's agreement to the Specified Processing is withdrawn by setting the DataSubjectSpecifiedProcessingAgreed flag to N (see 2.2, LOG-ON AND CONSENT FOR SPECIFIED PROCESSING), whereupon the Log-on page (see 2.2, LOG-ON AND CONSENT FOR SPECIFIED PROCESSING) will be the only screen accessible to the Data Subject, and an e-mail will be sent to the Data Controller so that the Data Subject can be contacted if necessary and the issue resolved.

PDI-Consent-Date-Agreed: This is the date that the Data Subject last provided their consent for Specified Processing (see 2.2, LOG-ON AND CONSENT FOR SPECIFIED PROCESSING). This is displayed as a date and time in the format DD/MM/YYYY HH:MM:SS. If the Data Subject subsequently alters any election in respect of consent for Specified Processing, this field will reflect the date at which this alteration was made. Effectively, all Consent dates will be that of the date that Specified Processing agreement was made.

PDI-Submit: By clicking this button the changes to the Personal Data Item are saved to the database. 

PDI-Reset: Any changes that were 'in-progress' will be discarded and the page returned to its original 
state by clicking this button. 

PDI-Print: This allows a report to be printed based upon the Personal Data Item being viewed. 
2.4 USERNAME/PASSWORD MAINTENANCE



[Mock-up screen: Generic SCPPD, Username / Password. Fields: DATA CONTROLLER; DATA SUBJECT NAME; USERNAME; DATA SUBJECT ID; FORCE PASSWORD CHANGE (checkboxes); button: RESET.]
2.4.1 Overview

This function allows the Data Controller to maintain usernames and passwords, which control access to the system on an individual Data Subject level. It also provides the Data Controller with the ability to amend his or her own password.

2.4.2 Database & Tables 

This information is held on the USER table. The other table used is: 
• DATA SUBJECT table 
2.4.3 Fields on the Screen

UPT-Data-Controller-Username: This is the Data Controller's username, used to sign onto the system. It is a maximum of 20 alphanumeric characters in length. The Data Controller's entry in this table initially assigns it, together with a password.

UPT-Data-Controller-Password: This is the Data Controller's password, which can be changed via this 
page. 

UPT-Data-Subject-Name: This is the name of the Data Subject, which is obtained from the DATA SUBJECT table using Data-Subject-ID as the key. It is a maximum of 100 alphanumeric characters in length.

UPT-Username: This is the Data Subject's username, used to sign onto the system, which can be changed via this page. It is a maximum of 20 characters in length. It is originally assigned by the Data Controller in this table. It is then related to a series of business events through the Business Function Access page (see 2.9, BUSINESS FUNCTION ACCESS).
UPT-Password: This is the Data Subject's password, which can be changed via this page. It is shown on this page in its unencrypted form.

UPT-Data-Subject-ID: This is the unique identifier, generated by the system, and assigned to this Data Subject.

UPT-Force-Password-Change: This checkbox allows the Data Controller to set the ForcePasswordChange flag for the Data Subject. This will require the Data Subject to change their password when they next log on to the site.

UPT-Submit: By clicking this button the changes to the Username and Password details are saved to the database.

UPT-Reset: By clicking this button, any changes that were 'in-progress' will be discarded and the page returned to its original state.
2.5 NEW SPECIFIED PROCESSING OF PERSONAL DATA ITEMS



[Mock-up screen: Generic SCPPD, New Specified Processing. Field: New Specified Processing to be entered by Data Controller and presented to each Data Subject; buttons: SUBMIT, RESET.]
2.5.1 Overview

Whenever the Data Controller changes the nature of the Specified Processing to be applied to Data Items, the Data Controller is required to seek consent for the New Specified Processing from the Data Subject. This function will allow the Data Controller to establish a new description of the Specified Processing of the Data Items. By submitting a New Specified Processing text, the DataSubjectSpecifiedProcessingAgreed flag and date are reset for each Data Subject. When the Data Subjects next sign onto the system, they will be required to consent to the new Specified Processing as a condition for using the system (see 2.2, LOG-ON AND CONSENT FOR SPECIFIED PROCESSING).

2.5.2 Database & Tables 

The new description of the Specified Processing is held on the SPECIFIED PROCESSING table. The other table used is:

• DATA SUBJECT table 
2.5.3 Fields on the Screen

SP-New-Description: This contains the new description of Specified Processing that will be displayed for 
the Data Subject to give their consent when they next log on. 

SP-Submit: This button submits the change to the Specified Processing to the
SPECIFIEDPROCESSING table and sets the DataSubjectSpecifiedProcessingAgreed/Date to N and 
NULL respectively. 

SP-Reset: By clicking this button, any changes that were 'in-progress' will be discarded and the page returned to its original state.
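The consent state kept across 2.2, 2.3.4 and this section, as an added example that is not code from the specification or from Abattia: SP-Submit stores the new text and resets the DataSubjectSpecifiedProcessingAgreed flag and date for every Data Subject (the per-item Consent values are left as they are, since 2.5.3 resets only the flag and date), and setting PDI-Consent to N for one item withdraws the subject's agreement and raises the e-mail to the Data Controller. The dataclasses, the constructed sample state and the e-mail text are this example's own assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class DataSubject:
    data_subject_id: int
    specified_processing_agreed: str = "N"
    specified_processing_agreed_date: str | None = None


@dataclass
class PersonalDataItem:
    data_subject_id: int
    description: str
    consent: str = "N"


@dataclass
class ConsentRegistry:
    """In-memory stand-in for the SPECIFIED PROCESSING, DATA SUBJECT and PERSONAL DATA ITEM tables."""
    specified_processing_text: str
    subjects: dict[int, DataSubject] = field(default_factory=dict)
    items: list[PersonalDataItem] = field(default_factory=list)
    data_controller_email: str = "dc@example.invalid"  # constructed address

    def submit_new_specified_processing(self, new_text: str) -> int:
        """SP-Submit (2.5.3): store the new text, reset flag and date for every Data Subject.

        Every subject must re-consent at their next log-on; item Consent values are untouched.
        Returns the number of Data Subjects reset.
        """
        self.specified_processing_text = new_text
        for subject in self.subjects.values():
            subject.specified_processing_agreed = "N"
            subject.specified_processing_agreed_date = None
        return len(self.subjects)

    def withdraw_item_consent(self, data_subject_id: int, description: str) -> dict:
        """PDI-Consent set to N (2.3.4): the subject's agreement is withdrawn and the Data Controller e-mailed."""
        for item in self.items:
            if item.data_subject_id == data_subject_id and item.description == description:
                item.consent = "N"
                break
        else:
            raise KeyError(f"no {description!r} item for Data Subject {data_subject_id}")
        self.subjects[data_subject_id].specified_processing_agreed = "N"
        return {"to": self.data_controller_email,
                "subject": f"Data Subject ID: {data_subject_id} withdrew consent for {description}"}

    def may_proceed_past_log_on(self, data_subject_id: int) -> bool:
        """Anything beyond the Log-on page needs a current agreement to the Specified Processing."""
        return self.subjects[data_subject_id].specified_processing_agreed == "Y"


def build_sample_registry() -> ConsentRegistry:
    """Constructed sample state (not the spec's data): two Data Subjects who have already agreed."""
    reg = ConsentRegistry("Your details will be used to send you statements.")
    for sid in (10, 11):
        reg.subjects[sid] = DataSubject(sid, "Y", "2000-07-15")
        reg.items.append(PersonalDataItem(sid, "Address", "Y"))
        reg.items.append(PersonalDataItem(sid, "Telephone", "Y"))
    return reg
```

After `submit_new_specified_processing` both subjects are locked to the Log-on page until they agree again; after `withdraw_item_consent(10, "Address")` only subject 10 is, and only that one item's Consent has changed.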
2.6 FUNCTION NOTIFICATION



[Mock-up screen: Generic SCPPD, Function Notification. Field: Email; buttons: Delete, ADD, SUBMIT, RESET.]
2.6.1 Overview

This function allows the Data Controller to control who, if anyone, is informed about changes to Personal 
Data Items. A change by a Data Subject (not by the Data Controller) will cause a standard e-mail to be
generated and automatically sent to the e-mail address of the specified administrator. 

2.6.2 Databases and Tables 

This information is stored on the FUNCTION NOTIFICATION table. The other table used is:

• DATA ITEM table



2.6.3 Fields on the Screen

FN-Notify: This checkbox indicates whether the Data Controller is going to be notified by e-mail when the Data Subject changes the respective Personal Data Item.

FN-E-mail: This is the e-mail address to which the e-mail is to be sent. This is a 30 character alphanumeric field.

FN-Function-Title: This indicates the function to which the Function Notification setting applies.

FN-Add: This button allows the Data Controller to add a new Function Notification to the FUNCTION 
NOTIFICATION table. 

FN-Delete: This allows the Data Controller to delete a Function Notification providing that the Function 
Notification is not referenced by any Data Item on the database. 
FN-Submit: By clicking this button the changes to the Function Notification parameters are saved to the database.

FN-Reset: By clicking this button, any changes that were 'in-progress' will be discarded and the page
returned to its original state. 
2.7 DATA ITEM PAGE



[Mock-up screen: Generic SCPPD, Data Item Table. Fields: PERSONAL DATA ITEM DESCRIPTION; DEFAULT PROCESSING GROUP; FUNCTION NOTIFICATION; buttons: ADD, DELETE, SUBMIT.]
2.7.1 Overview

This function allows the Data Controller to establish the standard Data Item Descriptions and to specify how Personal Data Items with these Data Item Descriptions are to be Processed in the period prior to explicit consent for processing being obtained from the Data Subject, i.e. the period between the data "going live" on the database following entry by the Data Controller and the first time it is verified by the Data Subject. This classification allows the Data Controller to account for different processing requirements or restrictions that might apply to particular types of data, such as the differing treatments of so-called "sensitive" and "non-sensitive" data under the UK's 1998 Data Protection Act.

When a new Data Item Description is added, the details are stored on the DATA ITEM table. 

A Data Item Description cannot be removed if it is used on the PERSONAL DATA ITEM table. 

This function also allows the Data Controller to specify which Function Notification details should be 
associated with a given Data Item. 

2.7.2 Database & Tables 

This is stored in the DATA ITEM table. Other tables used are: 

• PERSONAL DATA ITEM table 

• DEFAULT PROCESSING GROUP table

• FUNCTION NOTIFICATION table 



2.7.3 Fields on the screen 
DI-Add: This allows the Data Controller to add a new Personal Data Item Description. The Personal Data Item Description drop-down box will be enabled so that the Data Controller can enter the new Data Item description. The association to a Default Processing Group is also made.

DI-Delete: This allows the Data Controller to delete a Data Item Description from the table provided 
there are currently no Personal Data Items on the PERSONAL DATA ITEM table associated with it. 

DI-Personal-Data-Item-Description: This is the description of the Data Item, and will be no longer than 20 alphanumeric characters.

DI-Default-Processing-Group: This specifies how Data Items with this Data Item Description are to be 
Processed prior to explicit consent for processing being obtained from the Data Subject, i.e. the period 
between the data "going live" on the database following entry by the Data Controller and the first time it is 
verified by the Data Subject. This classification allows for the Data Controller to account for different
processing requirements that might apply to particular types of data, such as the differing treatments of so- 
called "sensitive" and "non-sensitive" data under the UK's 1998 Data Protection Act. 

DI-Function-Notification: This allows the Data Controller to indicate which Function Notification detail 
is to be associated with the Data Item. 

DI-Submit: By clicking this button the additions, changes or deletions are processed on the DATA ITEM
table. 

DI-Reset: By clicking this button any changes that were 'in-progress' will be discarded and the page
returned to its original state. 
2.8 DEFAULT PROCESSING GROUP PAGE



[Mock-up screen: Generic SCPPD, Default Processing Group Table. Fields: DEFAULT PROCESSING GROUP; DEFAULT PROCESSING DESCRIPTION; buttons: SUBMIT, RESET, ADD DPG.]



2.8.1 Overview 

This function allows the Data Controller to maintain the Default Processing Groups and to establish what Default Processing will be associated with each Default Processing Group. When a new Default Processing Group is added, the details are added to the DEFAULT PROCESSING GROUP table.

A Default Processing Group cannot be deleted if it is used on the DATA ITEM table. 

As the Generic SCPPD is intended as a "generic" engine, no description is given herein of actual
functionality or processes that might be associated with the Default Processing. In practice however such 
functionality or processes might include, without limitation, obtaining, holding, storing, displaying, 
transferring, replicating, or the processing of Personal Data Items in any other way. It is assumed herein 
that the Generic SCPPD will be integrated with any additional functionality actually required to achieve the 
Specified Processing. 

2.8.2 Database & Tables 

This is stored in the DEFAULT PROCESSING GROUP table. The other table used is: 

• DATA ITEM table 

2.8.3 Fields on the Screen

DPG-Default-Processing-Group: This is the name of the Default Processing Group, and will be no 
longer than 20 alphanumeric characters. 

DPG-Default-Processing-Description: This is the Default Processing associated with the Default 
Processing Group. 
DPG-Add-DPG: This button allows the Data Controller to add a new Default Processing Group and will add the details to the DEFAULT PROCESSING GROUP table.

DPG-Delete: This allows the Data Controller to delete a Default Processing Group from the table 
provided there are currently no Data Items on the DATA ITEM table associated with it. 

DPG-Submit: By clicking this button the additions, changes or deletions are processed on the DEFAULT PROCESSING GROUP table.

DPG-Reset: By clicking this button any changes that were 'in-progress' will be discarded and the page returned to its original state.
2.9 BUSINESS FUNCTION ACCESS



[Mock-up screen: Generic SCPPD, Business Function Access. Fields: User Name; Data Subject Name; a BUSINESS EVENT / ACCESS grid with rows PDI, UPT, SP, FN, DI, BFA, DPG.]



2.9.1 Overview 

This function allows the Data Controller to specify which business events (i.e. functional activity generally related to a screen) can be accessed by the Users. This covers all possible functions, with the exception of the Log-on function, which is always accessible to all users (see 2.2, LOG-ON AND CONSENT FOR SPECIFIED PROCESSING). The list of Business Events available is built from the BUSINESS FUNCTION table using the BusinessFunctionTitle. Access can be View or Update.

2.9.2 Database & Tables 

This is stored in the BUSINESS FUNCTION ACCESS table.
The other tables used are: 

• USER table 

• DATA SUBJECT table 

2.9.3 Fields on the Screen

BFA-UserName: This is a drop-down list of usernames from the USER table. Selection of a username
brings up the Business Event Access values for that User. 

BFA-Data-Subject-Name: This is a drop-down list of Data Subject Names from the DATA SUBJECT table that will be kept in line with the username drop-down list. There may be usernames for which there are no Data Subject Names, e.g. Data Controllers.

BFA-PDI: This field records whether the User is to have access to the Entry of Personal Data function 
(see 2.3, ENTRY OF PERSONAL DATA ITEM).
BFA-UPT: This field records whether the User is to have access to the Username/Password function (see 2.4, USERNAME/PASSWORD MAINTENANCE).

BFA-SP: This field records whether the User is to have access to the New Specified Processing of Personal Data Items function (see 2.5, NEW SPECIFIED PROCESSING OF PERSONAL DATA ITEMS).

BFA-FN: This field records whether the User is to have access to the Function Notification function (see 2.6, FUNCTION NOTIFICATION).

BFA-DI: This field records whether the User is to have access to the Data Item function (see 2.7, DATA ITEM PAGE).

BFA-DPG: This field records whether the User is to have access to the Default Processing Group 
function (see 2.8, DEFAULT PROCESSING GROUP PAGE). 

BFA-BFA: This field records whether the User is to have access to the Business Function Access function 
(see 2.9, BUSINESS FUNCTION ACCESS). 

BFA-...: This field records whether the User is to have access to other Business Functions as recorded on 
the BUSINESS FUNCTION table. 

BFA-Submit: By clicking this button the changes are processed on the BUSINESS FUNCTION 
ACCESS table. 

BFA-Reset: By clicking this button any changes that were 'in-progress' will be discarded and the page
returned to its original state. 
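The access matrix this section describes, as an added example that is not code from the specification or from Abattia: one row per user and business function holding View or Update, with no row meaning no access, Update implying View, the Log-on function open to everyone, and any function or action the table does not know refused. The function abbreviations follow the mock-up screen; the class, the sample grants and the menu helper are this example's own assumptions. The deny-by-default shape is the point for a practitioner: a Data Subject gets a row only for the Entry of Personal Data Item function, so the maintenance screens of 2.4 to 2.9 are never reachable for that user, whatever URL is requested.

```python
from __future__ import annotations

from enum import Enum


class Access(Enum):
    """The Access values of 2.9.1; NONE means no row on the BUSINESS FUNCTION ACCESS table."""
    NONE = "None"
    VIEW = "View"
    UPDATE = "Update"


# Business Function titles as abbreviated on the mock-up screen; LOGON is the always-open Log-on page.
BUSINESS_FUNCTIONS = frozenset({"LOGON", "PDI", "UPT", "SP", "FN", "DI", "DPG", "BFA"})
ALWAYS_ACCESSIBLE = frozenset({"LOGON"})


class BusinessFunctionAccess:
    """Per-user access matrix: deny by default, Update implies View, Log-on open to all."""

    def __init__(self) -> None:
        self._rows: dict[tuple[int, str], Access] = {}

    def grant(self, user_id: int, function: str, access: Access) -> None:
        """BFA-Submit for one cell of the grid; granting NONE removes the row."""
        if function not in BUSINESS_FUNCTIONS:
            raise ValueError(f"unknown business function {function!r}")
        if access is Access.NONE:
            self._rows.pop((user_id, function), None)
        else:
            self._rows[(user_id, function)] = access

    def access_for(self, user_id: int, function: str) -> Access:
        if function in ALWAYS_ACCESSIBLE:
            return Access.UPDATE  # the Log-on page accepts input from everyone
        return self._rows.get((user_id, function), Access.NONE)

    def is_permitted(self, user_id: int, function: str, action: str) -> bool:
        """action is 'view' or 'update'; anything unrecognised is refused."""
        granted = self.access_for(user_id, function)
        if action == "view":
            return granted in (Access.VIEW, Access.UPDATE)
        if action == "update":
            return granted is Access.UPDATE
        return False

    def functions_for(self, user_id: int) -> list[str]:
        """Menu the user should see: only functions with an access row, plus Log-on."""
        return sorted(f for f in BUSINESS_FUNCTIONS if self.access_for(user_id, f) is not Access.NONE)


def build_sample_matrix() -> BusinessFunctionAccess:
    """Constructed sample (not the spec's data): user 1 is the Data Controller, user 2 a Data Subject."""
    bfa = BusinessFunctionAccess()
    for function in BUSINESS_FUNCTIONS - ALWAYS_ACCESSIBLE:
        bfa.grant(1, function, Access.UPDATE)
    bfa.grant(2, "PDI", Access.UPDATE)  # a Data Subject maintains only their own Personal Data Items
    return bfa
```

The check belongs in front of every screen handler, not only in the menu that hides links: `functions_for` drives what the user sees, `is_permitted` decides what the server will do.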
2.10 REPORT

2.10.1 Overview 

A paper or e-mail report can be produced by the system. The reports can be printed and sent or e-mailed 
to the Data Subject to have the Data Subject verify the integrity of the Personal Data Item, by letting the 
Data Subject check the details held and return any corrections. Reports can be produced in such a way that 
they can be e-mailed as an attachment. 

2.10.2 Source of information 

The following table provides the source of this information:

• PERSONAL DATA ITEM table

2.10.3 Fields printed on the report

DATA SUBJECT PERSONAL DATA ITEM 

Printed by: <username> on DD/MMM/YYYY 

NAME <PDI-Data-Subject-Name> 

DATA SUBJECT ID NUMBER <PDI-Data-Subject-ID> 
Description of Specified Processing <SP-New-Description> 

[There follows a list of all Personal Data Items relating to this Data Subject, as follows:]

#1

Personal Data Item Description: <PDI-Personal-Data-Item-Description>

Personal Data Item: <PDI-Personal-Data-Item-Value>

Consent Given? <PDI-Consent> 

Date Consent Given <PDI-Consent-Date-Agreed> 

Default Processing Group <PDI-Default-Processing-Group>

Default Processing <DPG-Default-Processing> 

Details were correct on <PDI-Date-Last-Correct> 

Last changed by <PDI-Last-Changed-By> On <PDI-Last-Changed-On> 



#2, etc.
3. FUNCTIONAL SPECIFICATION

3.1 LOG-ON AND CONSENT FOR SPECIFIED PROCESSING

(See 2.2 LOG-ON AND CONSENT FOR SPECIFIED PROCESSING)

Overview

Log-on and Consent for Specified Processing allows a user to connect to the site and to provide consent
for Data Items to be processed in a specified manner.

Primary User 
Data Controller 
Data Subject 

Starting Point 

When a user navigates to the Log-on portal of the website. 
Ending Point 

When a Log-on request has been completed. 

Measurable Result

The user is granted or denied access to the system beyond the Log-on page.

Flow of events

The username and password of a user are referenced against the USER table.

Where the Username entered corresponds to that of a Data Controller and the password is valid, the 
DataSubjectSpecifiedProcessingAgreed field is ignored. 

Where the Data Subject does not give consent, they are informed that they are not able to continue any
further on the website, and an e-mail will be automatically generated and sent to the Data Controller
indicating that this is the case. The DataSubjectSpecifiedProcessingAgreed flag will be set to N and the
DataSubjectSpecifiedProcessingAgreedDate will be set to NULL. All Consent flags on all
PERSONAL DATA ITEM records for the Data Subject will also be set to N.

Where a user attempts to log-on to the website and the username provided indicates that the
ForcePasswordChange flag is set, the user must change their password before any further processing can
continue.



When the user successfully logs on to the system, a unique SessionID is generated by the system and
written to the UserSessionID field, and the UserLastAccess field is updated with the current timestamp.
Both of these fields are held on the USER table.

The SessionID is passed from page to page as the user navigates through the system, and serves both to
identify the user to the system and to require a user to log-on again if they have been inactive for a certain
length of time.

Alternative flow of events

Where the username does not exist in the USER table, or the username and password do not match, the
log-on will fail and the user will be informed of the failure and prevented from progressing beyond the
Log-on page.
3.2 SEARCH PERSONAL DATA ITEM DATABASE

(See 2.3, ENTRY OF PERSONAL DATA ITEM) 



Overview 



Interrogate the PERSONAL DATA ITEM table based upon the name of the Data Subject and the
Personal Data Item Description and return the Personal Data Item Value.

Primary User 
Data Controller 
Data Subject 

Starting Point 

When the Data Controller chooses to perform a PERSONAL DATA ITEM search, or when a Data
Subject accesses the Entry of Personal Data Item page.

Ending Point 

When the search request has been completed. 
Measurable Result

A search by Data Subject's name, Data Item Option and Personal Data Item has been performed.

Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The name of a Data Subject is entered (or, where the user is a Data Subject, their own name is used).

The Data Controller or the Data Subject selects the Personal Data Item Description from a drop-down list.

It is possible to use a wildcard within the Data Subject field. The wildcard character must be an
asterisk and can only be used at the end of a string.

The search is performed using the DISPLAY PERSONAL DATA ITEM SEARCH RESULTS function,
and the results are presented to the user.

Alternative flow of events

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.
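Two points in the flow above deserve a concrete check: the wildcard rule (an asterisk, and only at the end of the string) and the restriction of a Data Subject to their own records. The following Python/sqlite3 example is added here as an illustration and is not code from the original specification. Table and column names follow the data model in section 4.3; the `actor` dictionary, the sample Data Subjects and the three-table schema are constructed for the example. It translates the page's wildcard into a parameterised SQL LIKE pattern with the `%` and `_` metacharacters escaped, refuses an asterisk anywhere but at the end, and adds the caller's own UserID to the query whenever the caller is not a Data Controller, so the name typed into the search box can never widen what a Data Subject sees.

```python
import sqlite3

# Constructed schema: a subset of the section 4.3 data model (names follow the page).
SCHEMA = """
CREATE TABLE DATA_SUBJECT (
    DataSubjectID   INTEGER PRIMARY KEY,
    DataSubjectName TEXT NOT NULL,
    UserID          INTEGER NOT NULL
);
CREATE TABLE DATA_ITEM (
    DataItemID   INTEGER PRIMARY KEY,
    DataItemName TEXT NOT NULL UNIQUE
);
CREATE TABLE PERSONAL_DATA_ITEM (
    DataSubjectID    INTEGER NOT NULL REFERENCES DATA_SUBJECT(DataSubjectID),
    DataItemID       INTEGER NOT NULL REFERENCES DATA_ITEM(DataItemID),
    PersonalDataItem TEXT NOT NULL,
    PRIMARY KEY (DataSubjectID, DataItemID)
);
"""

# Constructed sample data. "100% Jones" and "1000 Watts" are there to show why LIKE
# metacharacters typed by the user must be escaped before they reach the query.
SAMPLE_SUBJECTS = [(1, "Smith, Alice", 10), (2, "Smithers, Bob", 11),
                   (3, "100% Jones", 12), (4, "1000 Watts", 13)]
SAMPLE_ITEMS = [(1, "Postcode"), (2, "Date of birth")]
SAMPLE_PDIS = [(1, 1, "AB1 2CD"), (2, 1, "EF3 4GH"), (3, 1, "IJ5 6KL"), (4, 1, "MN7 8OP")]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO DATA_SUBJECT VALUES (?, ?, ?)", SAMPLE_SUBJECTS)
    conn.executemany("INSERT INTO DATA_ITEM VALUES (?, ?)", SAMPLE_ITEMS)
    conn.executemany("INSERT INTO PERSONAL_DATA_ITEM VALUES (?, ?, ?)", SAMPLE_PDIS)
    return conn


def wildcard_to_like(name_pattern):
    """Translate the page's wildcard (a partial name followed by one asterisk) into a
    LIKE pattern. '%', '_' and '\\' in the user's text are escaped with a backslash so
    that "100%" matches the literal string and not "100 followed by anything"."""
    star = name_pattern.find("*")
    if star == -1:
        prefix, wild = name_pattern, False
    elif star == len(name_pattern) - 1:
        prefix, wild = name_pattern[:-1], True
    else:
        raise ValueError("the wildcard asterisk may only appear at the end of the string")
    if wild and not prefix.strip():
        # Defensive choice made for this example: a bare "*" would list every Data Subject.
        raise ValueError("a partial name must precede the wildcard")
    escaped = prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return escaped + ("%" if wild else "")


def search_personal_data_items(conn, actor, name_pattern, item_description):
    """SEARCH PERSONAL DATA ITEM DATABASE: returns (DataSubjectName, DataItemName,
    PersonalDataItem) rows. `actor` is a constructed dict {"user_id": int,
    "is_controller": bool}. A Data Subject is restricted to rows whose DATA SUBJECT
    record carries their own UserID, whatever name pattern they typed."""
    sql = """
        SELECT ds.DataSubjectName, di.DataItemName, pdi.PersonalDataItem
        FROM PERSONAL_DATA_ITEM pdi
        JOIN DATA_SUBJECT ds ON ds.DataSubjectID = pdi.DataSubjectID
        JOIN DATA_ITEM di ON di.DataItemID = pdi.DataItemID
        WHERE ds.DataSubjectName LIKE ? ESCAPE '\\' AND di.DataItemName = ?"""
    params = [wildcard_to_like(name_pattern), item_description]
    if not actor["is_controller"]:
        sql += " AND ds.UserID = ?"        # scope a Data Subject to their own record
        params.append(actor["user_id"])
    sql += " ORDER BY ds.DataSubjectName"
    return conn.execute(sql, params).fetchall()
```

The scoping is done in the query rather than by filtering the result set afterwards, so a Data Subject's request never loads another person's Personal Data Items into memory at all.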



3.3 DISPLAY PERSONAL DATA ITEM SEARCH RESULTS 

(See 2.3, ENTRY OF PERSONAL DATA ITEM) 



Overview 



Primary User 
Data Controller 
Data Subject 

Starting Point 

When a search of the PERSONAL DATA ITEM table is requested (see SEARCH PERSONAL
DATA ITEM DATABASE).
Ending Point

When the search has been executed and the Data Subject's name and Personal Data Item have
been displayed.

Measurable Result 

Display of a Data Subject's name, the Data Item Option, and Personal Data Item.
Flow of events

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).
The search is executed, and the result set is returned.
Alternative flow of events

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.
3.4 PERSONAL DATA ITEM

(See 2.3, ENTRY OF PERSONAL DATA ITEM) 

3.4.1 View 
Overview 

Primary User 
Data Controller 
Data Subject 

Starting Point 

When the user selects a specific Data Subject's Personal Data Item to view. 
Ending Point 

When the requested information has been presented to the user. 
Measurable Result 

The requested information has been presented to the user. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The selected Data Subject's details are displayed to the user.

Where the user is the Data Subject, the PDI-Date-Last-Correct field is set to today's date.

The Data Controller can set the PDI-Date-Last-Correct field to confirm that they have verification from
the Data Subject of the integrity of the Data Item.

Alternative flow of events 

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.4.2 Add

Overview 

This enables the user to add a Personal Data Item relating to a Data Subject 

Primary User 
Data Controller 
Data Subject 

Starting Point 

When the user enters new information for a Data Subject and submits the data. 
Ending Point 

When the information has been validated and processed by the system, and the user is informed of the
success or failure of the operation.

Measurable Result 

A Data Subject's Personal Data Item Value has been added for a Data Subject 
Flow of events

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The data entered is validated according to the data controls (see 2.3, ENTRY OF PERSONAL DATA
ITEM) and the Personal Data Item is written to the PERSONAL DATA ITEM table.

Alternative flow of events

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.4.3 Update 
Overview 

Primary User 
Data Controller 
Data Subject 

Starting Point 

When the user makes amendments to the Data Subject's Personal Data Item and submits the data.
Ending Point 

When the information has been validated and processed by the system, and the user is informed of the
success or failure of the operation.

Measurable Result 

A Data Subject's Personal Data Item is updated. 
Flow of events 

Before applying changes to the database, it should be checked to ensure that another user has not updated
the same data in the period between this user first viewing it and subsequently making a change. Where this
is the case the update should be refused, and the user should be returned to the update screen showing the
latest information from the database.

Where the user is the Data Subject, the PDI-Date-Last-Correct field is set to today's date.

The Data Controller can set the PDI-Date-Last-Correct field to confirm that they have verification from
the Data Subject of the integrity of the Data Item. Where the user is a Data Subject, the CHECK IF DATA
CONTROLLER NOTIFICATION REQUIRED function will be called.

Alternative flow of events

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.4.4 Print 
Overview 

Primary User 
Data Controller 

Starting Point 

When the user clicks the print button on the Entry of Personal Data Item page (see 2.3, ENTRY OF
PERSONAL DATA ITEM).

Ending Point 

When the report has been printed. 
Measurable Result 

A Data Subject Personal Data Item report has been produced (see 2.10, REPORT).
Flow of events 

Print the report based upon the selected Personal Data Item.
Alternative flow of events 

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.5 MAINTAIN FUNCTION NOTIFICATIONS

(See 2.6, FUNCTION NOTIFICATION)



3.5.1 View 
Overview 

This enables the Data Controller to view the Function Notification settings. 

Primary User 
Data Controller 

Starting Point 

When the user elects to view Function Notifications. 
Ending Point 

When the information has been presented to the user. 
Measurable Result 

The Function Notification information is presented to the user. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Alternative flow of events 

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.5.2 Add 

Overview 

This enables the Data Controller to add a Function Notification title, setting, and e-mail address. 

Primary User 
Data Controller 

Starting Point 

When the user enters new information for a Function Notification. 
Ending Point 

Measurable Result 

A Function Notification has been added.

Flow of events 

The Function Notification Title is entered. The Notify setting must be Y or N, and the E-mail address for
the administrator to be notified is entered before being submitted. On validating correctly, the data will be
written to the FUNCTION NOTIFICATION table.

Alternative flow of events

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.5.3 Update 

Overview 

This enables the Data Controller to update the Function Notification settings.

Primary User 
Data Controller 

Starting Point 

When the user elects to update the current Function Notification information.
Ending Point 

Measurable Result 

The Function Notification records are updated. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Changes will be confirmed with the user before being applied. All data should be validated both prior to
confirmation and prior to update, and the user notified of any errors and given the opportunity to correct
them.

Before applying changes to the database, it should be checked to ensure that another user has not updated
the same data in the period between this user first viewing it and subsequently making a change. Where this
is the case the update should be refused, and the user should be returned to the update screen showing the
latest information from the database.

Alternative flow of events

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.5.4 Delete
Overview

This enables the user to delete Function Notification records.

Primary User 
Data Controller 

Starting Point 

When the user chooses to delete Function Notification details. 






Ending Point 

When the information has been applied to the database or has been cancelled due to failure. 

Measurable Result 

The requested deletions are applied. 

Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Delete the selected Function Notification record from the database, providing that it is not in use by a
current Data Item.

Alternative flow of events 

The deletion fails, in which case the user is informed of the issue(s). 

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.6 MAINTAIN BUSINESS FUNCTION ACCESSES

(See 2.9, BUSINESS FUNCTION ACCESS)

3.6.1 View 
Overview 

This enables the Data Controller to view the Business Function Accesses.

Primary User 
Data Controller 

Starting Point 

When the user elects to view Business Function Accesses. 
Ending Point 

When the information has been presented to the user. 
Measurable Result 

The Business Function Accesses information is presented to the user. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The Business Function Accesses are presented to the user. 
Alternative flow of events 

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.6.2 Update 
Overview 

Primary User 
Data Controller 

Starting Point 

When the user elects to update Business Function Accesses. 
Ending Point 

When the information has been validated and processed by the system, and the user is informed of the
success or failure of the operation.

Measurable Result 

The Business Function Accesses records are updated. 
Flow of Events 
Changes will be confirmed with the user before being applied. All data should be validated both prior to
confirmation and prior to update, and the user notified of any errors and given the opportunity to correct
them.

Before applying changes to the database, it should be checked to ensure that another user has not updated
the same data in the period between this user first viewing it and subsequently making a change. Where this
is the case the update should be refused, and the user should be returned to the update screen showing the
latest information from the database.

Alternative flow of events 






3.7 USERNAME/PASSWORD MAINTENANCE 

(See 2.4, USERNAME/PASSWORD ) 

3.7.1 View 
Overview 

This enables the user to view usernames, passwords, Data Subject names, and Data Subject ID numbers.

Primary User 
Data Controller 

Starting Point 

When the user requests a list of usernames, passwords, Data Subject names, Data Subject ID numbers.
Ending Point 

When the information has been presented to the user. 
Measurable Result 

The username/password information is presented to the user.
Flow of events 

Alternative flow of events 

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.7.2 Update 

Overview 

Primary User 
Data Controller 

Starting Point 
Ending Point 

When the information has been validated and processed by the system, and the user is informed of the
success or failure of the operation.

Measurable Result 

The details are updated as requested. 
Flow of events

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Validate the data entered and submit the changes to the database. 
Alternative flow of events 






3.7.3 Delete
Overview 

Primary User 
Data Controller 

Starting Point 

When the user chooses to delete details of usernames, passwords, Data Subject names and Data Subject ID
numbers.

Ending Point 

When the deletions have been applied to the database or have been cancelled due to failure. 

Measurable Result 

The requested deletions are applied. 

Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Delete the selected data from the database.
Alternative flow of events 
3.8 MAINTAIN NEW SPECIFIED PROCESSING

Overview

This enables the Data Controller to create a new version of the Specified Processing terms.

Primary User 
Data Controller 

Starting Point 

When the Data Controller requests the New Specified Processing option.
Ending Point 

When the New Specified Processing details have been updated or the action has been cancelled due to
failure.

Measurable Result

The New Specified Processing details are added to the database.

Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The new Specified Processing text is entered and, on submission, written to the SPECIFIED
PROCESSING table.

The DataSubjectSpecifiedProcessingAgreed and AgreedDate fields are set to N and NULL respectively
for all Data Subjects.

Alternative flow of events 

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.9 MAINTAIN DATA ITEM

3.9.1 View 

Overview 

This enables the Data Controller to view how Data Items relate to Default Processing Groups. A Data
Item's Default Processing Group defines the way in which a Personal Data Item can be processed
before consent is received from the Data Subject. The Function Notification record to which the Data
Item is associated is also displayed.

Primary User 
Data Controller 

Starting Point 

When the user elects to view Data Items. 
Ending Point 

When the information has been presented to the user. 
Measurable Result 

The Data Item information is presented to the user. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The Data Item Description, the Default Processing Group to which it belongs and the Functional
Notification title to which it is associated are presented to the user.

Alternative flow of events

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.9.2 Add 

Overview 

This enables the Data Controller to add a Data Item and to define its Default Processing Group and
Function Notification.

Primary User 
Data Controller 

Starting Point 

When the user enters new information for a Data Item, its Default Processing Group and Function
Notification.

Ending Point

When the information has been validated and processed by the system, and the user is informed of the
success or failure of the operation.

Measurable Result 

A Data Item and its links to both Default Processing Group and Function Notification are added to
the database.

Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The Data Item description is entered and must not exceed twenty characters. The Default Processing
Group for this item must be selected along with the Function Notification title before being submitted.
On validating correctly, the data will be written to the DATA ITEM table.
Alternative flow of events 

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.9.3 Update
Overview

This enables the Data Controller to update the Data Item's association to a Default Processing Group and
to a Function Notification record.

Primary User 
Data Controller 


Starting Point 

When the user elects to amend Data Item information.
Ending Point 

When the information has been validated and processed by the system, and the user is informed of the
success or failure of the operation.

Measurable Result 

Data Item records are updated. 

Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Changes will be confirmed with the user before being applied. All data should be validated both prior to
confirmation and prior to update, and the user notified of any errors and given the opportunity to correct
them.

Before applying changes to the database, it should be checked to ensure that another user has not updated
the same data in the period between this user first viewing it and subsequently making a change. Where this
is the case the update should be refused, and the user should be returned to the update screen showing the
latest information from the database.

Alternative flow of events 

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.9.4 Delete 

Overview 

This enables the user to delete Data Item records. 

Primary User 
Data Controller 
Starting Point

When the user chooses to delete Data Items. 
Ending Point 

When the deletions have been applied to the database or have been cancelled due to failure. 

Measurable Result 

The requested deletions are applied.

Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Delete the selected Data Item from the database, providing that it is not in use by a Personal Data Item.

Alternative flow of events 

The deletion fails, in which case the user is informed of the issue(s). 
3.10 MAINTAIN DEFAULT PROCESSING GROUP

3.10.1 View

Overview

This enables the Data Controller to view Default Processing Groups and their Default Processing.

Primary User 
Data Controller 

Starting Point 

When the user elects to view Default Processing and Groups. 
Ending Point 

When the information has been presented to the user. 
Measurable Result 

The Default Processing and Groups information is presented to the user. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

The Default Processing and Groups information is presented to the user. 
Alternative flow of events 

3.10.2 Add 
Overview 

This enables the Data Controller to add a Default Processing Group and to define its Default Processing.

Primary User 
Data Controller 

Starting Point 

When the user enters new information for Default Processing Group and its associated Processing.
Ending Point 

Measurable Result 

A Default Processing Group and its Processing information are added to the database. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Alternative flow of events

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.10.3 Update

Overview

This enables the Data Controller to update the Default Processing Group information.

Primary User 
Data Controller 

Starting Point 

When the user elects to amend the current Default Processing Group information. 
Ending Point 

When the information has been validated and processed by the system, and the user is informed of the
success or failure of the operation. 

Measurable Result 

Default Processing Group records are updated. 
Flow of events 

Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Changes will be confirmed with the user before being applied. All data should be validated both prior to
confirmation and prior to update, and the user notified of any errors and given the opportunity to correct
them.

Before applying changes to the database, it should be checked to ensure that another user has not updated
the same data in the period between this user first viewing it and subsequently making a change. Where this
is the case the update should be refused, and the user should be returned to the update screen showing the
latest information from the database.

Alternative flow of events

Data entered fails validation, in which case the user is informed of the issue(s) and is invited to re-try the
update after correction.

Or, the user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.
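The check repeated in every Update flow (3.4.3, 3.5.3, 3.6.2, 3.9.3 and 3.10.3), that nobody else changed the row between the user viewing it and saving it, is an optimistic concurrency control. The following Python/sqlite3 example is added to show one way of implementing it; it is not code from the specification. It assumes a RowVersion counter column that the page's data model does not define: the page's LastChangedOn field is a date with the time held as zeros, so two edits on the same day could not be told apart by it, which is why the example keys the check on a version number instead. Table and column names otherwise follow section 4.3; the sample row and the two user ids are constructed.

```python
import sqlite3
from datetime import date

# Constructed schema: the PERSONAL DATA ITEM columns involved in an update, plus a
# RowVersion counter that is an assumption of this example (not in the page's model).
SCHEMA = """
CREATE TABLE PERSONAL_DATA_ITEM (
    DataSubjectID    INTEGER NOT NULL,
    DataItemID       INTEGER NOT NULL,
    PersonalDataItem TEXT NOT NULL,
    LastChangedBy    INTEGER NOT NULL,
    LastChangedOn    TEXT NOT NULL,
    RowVersion       INTEGER NOT NULL DEFAULT 1,
    PRIMARY KEY (DataSubjectID, DataItemID)
);
"""


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample row: Data Subject 1, Data Item 1, last changed by user 99.
    conn.execute("INSERT INTO PERSONAL_DATA_ITEM VALUES (1, 1, 'AB1 2CD', 99, '2024-01-01', 1)")
    conn.commit()
    return conn


def view_for_update(conn, subject_id, item_id):
    """Step one of the Update flow: the user views the item. The version number is
    returned with the value so the update screen can hand it back unchanged."""
    row = conn.execute(
        "SELECT PersonalDataItem, RowVersion FROM PERSONAL_DATA_ITEM "
        "WHERE DataSubjectID = ? AND DataItemID = ?", (subject_id, item_id)).fetchone()
    return None if row is None else {"value": row[0], "version": row[1]}


def update_item(conn, subject_id, item_id, new_value, seen_version, user_id, today):
    """Step two: apply the change only if nobody else changed the row since it was
    viewed. The WHERE clause carries the version the user saw; if another update has
    raised it, no row matches and the update is refused (returns False)."""
    cur = conn.execute(
        "UPDATE PERSONAL_DATA_ITEM "
        "SET PersonalDataItem = ?, LastChangedBy = ?, LastChangedOn = ?, "
        "    RowVersion = RowVersion + 1 "
        "WHERE DataSubjectID = ? AND DataItemID = ? AND RowVersion = ?",
        (new_value, user_id, today, subject_id, item_id, seen_version))
    conn.commit()
    return cur.rowcount == 1


def lost_update_scenario(conn):
    """Two users (constructed ids 1 and 2) view the same item, then both try to save.
    Returns (first_update_ok, second_update_refused, value_after_reread, retry_ok)."""
    today = date(2024, 3, 1).isoformat()
    seen_by_1 = view_for_update(conn, 1, 1)
    seen_by_2 = view_for_update(conn, 1, 1)          # same version as user 1 saw
    first = update_item(conn, 1, 1, "EF3 4GH", seen_by_1["version"], 1, today)
    second = update_item(conn, 1, 1, "IJ5 6KL", seen_by_2["version"], 2, today)
    # User 2 is returned to the update screen showing the latest information ...
    latest = view_for_update(conn, 1, 1)
    # ... and can retry against the current version.
    retry = update_item(conn, 1, 1, "IJ5 6KL", latest["version"], 2, today)
    return first, not second, latest["value"], retry
```

Because the version is compared inside the UPDATE statement itself, the check and the write are one atomic operation; a separate SELECT-then-UPDATE would leave the same window the page is trying to close.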

3.10.4 Delete 

Overview 

This enables the user to delete Default Processing Group records. 

Primary User 
Data Controller 

Starting Point 

When the user chooses to delete details of a Default Processing Group. 
Ending Point 

When the deletions have been applied to the database or have been cancelled due to failure. 



Measurable Result 

The requested deletions are applied. 

Flow of events 



Check that the SessionID supplied is valid and current, and establish authorisation to perform this function
(Check Authority).

Delete the selected Default Processing Group record from the database, providing that the Default
Processing Group is not in use by a Data Item record.

Alternative flow of events 

The deletion fails, in which case the user is informed of the issue(s). 

The user is denied access due to lack of authority, or is referred back to the Log-on page because their
SessionID is invalid or has expired.

3.11 MASS DATA ENTRY
Overview

This function allows data relating to Data Subjects to be loaded into the database in batches. This is an
offline function carried out by the system's Database Administrator (DBA), and as such does not require
the same authentication checks as the online web-facing functions.

Primary User 
Database Administrator 

Starting Point 

On receipt of the Data Subjects' Personal Data Items for mass data entry, the Database Administrator 
elects to import the data.
Ending Point 

When the data has been imported into the database and/or an exception report of failures has been
produced. 

Measurable Result 

New Data Subjects' Personal Data Items are available on the database, or all have been rejected due to
validation failures. 

Flow of events 

Validate the data received for import (see 2, Business Design, for details). On successful validation insert 
data into the database using the rules specified (see 2, Business Design, for details). 

Duplicate names must be signalled, so that the Data Controller can validate whether they are duplicated or 
not, before the allocation of the Data Subject ID number. 

Alternative flow of events 

Validation fails and an exception report is produced. 
3.12 LOGIN

(See 2, Business Design, for details). 

Overview 

Authenticate username and password details, and if valid allow users to access the system beyond the Log-
on page. If the user is a Data Subject, ask them to change their password if necessary, and ask them to
consent to the Specified Processing terms if they have not already done so.

Primary User 
Data Subject 
Data Controller 

Starting Point 

When a user navigates to the system's Log-on portal. 
Ending Point 

When the user has been granted or denied access to the system beyond the Log-on page. 
Measurable Result 

The user will be granted or denied access to the system beyond the Log-on page. 
Flow of events 

Use the supplied username to determine whether the user is a Data Controller or a Data Subject. If the
user is a Data Controller skip the next paragraph.

If the User is a Data Subject, check whether they have consented to the latest Specified Processing terms,
indicated when the DataSubjectSpecifiedProcessingAgreed field is set to Y. If not, invite their consent.
If consent is given, update the DataSubjectSpecifiedProcessingAgreed field to Y and continue
processing; otherwise send an e-mail to the Data Controller, and refuse the Data Subject further access to
the system.

Check the UserForcePasswordChange field. If it is Y, then ask the user to supply a new password, then
continue processing.

Check the supplied password against the UserPassword field. If they do not agree, notify the user and
refuse further access to the system. 

If the username and password are valid, generate a unique SessionID and update the UserSessionID field
with the new value. Set the UserLastAccess field to hold the current timestamp. Return the SessionID.

Alternative flow of events 

The supplied username does not exist in the USER table. The user is notified and refused further access to
the system. 
3.13 CHECK AUTHORITY

Overview 

Check that the SessionID is valid and current, and if so, determine the user's authority to access the
requested Business Function.

Primary User 
Data Subject 
Data Controller 

Starting Point 

When a user attempts to use a Business Function. 
Ending Point 

When the SessionID has been checked, and the authority to perform the requested Business Function is 
established. 

Measurable Result 

The User's UserID is returned, or else a value of -1 if the SessionID is invalid or has expired. If the
SessionID is valid, then the user's authority to perform the requested Business Function is also returned.

Flow of events 

Use the SessionID to query the USER table. 

If no matching records are found the SessionID is invalid. 

If a row is found, check the UserLastRequest time to determine whether the SessionID has expired. 
If the SessionID is invalid, or has expired, return a UserID of -1.

If the SessionID is both valid and current, check the BUSINESS FUNCTION ACCESS table to
determine whether the user has authority to perform the requested Business Function. Return the user's
UserID and whether the user has access to the requested Business Function or not.



Alternative flow of events 
None. 
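Sections 3.1, 3.12 and 3.13 together define the session mechanism: a SessionID issued at log-on, stored in UserSessionID together with UserLastAccess, passed on every request, and checked against an inactivity limit before the BUSINESS FUNCTION ACCESS table is consulted. The following Python/sqlite3 example is added to show those three functions working together; it is not code from the specification. Assumptions made here: the inactivity limit (15 minutes), which the page does not state; the columns of the BUSINESS FUNCTION and BUSINESS FUNCTION ACCESS tables, which the page names but does not define; a salted PBKDF2 hash for the password where the page only says "held encrypted"; the consent and forced-password-change branches of 3.12 are left out; and the expiry check uses UserLastAccess, which 3.13 refers to as UserLastRequest. Usernames, passwords and Business Function names are constructed.

```python
import hashlib
import hmac
import secrets
import sqlite3
from datetime import datetime, timedelta

SESSION_TIMEOUT = timedelta(minutes=15)   # assumption: the page does not state the limit

# Constructed schema. USER follows section 4.3; the two access tables are assumed.
SCHEMA = """
CREATE TABLE USER (
    UserID                  INTEGER PRIMARY KEY,
    UserName                TEXT NOT NULL UNIQUE,
    UserPasswordSalt        BLOB NOT NULL,
    UserPasswordHash        BLOB NOT NULL,
    UserSessionID           TEXT UNIQUE,
    UserLastAccess          TEXT,
    UserDataController      TEXT NOT NULL DEFAULT 'N',
    UserForcePasswordChange TEXT NOT NULL DEFAULT 'N'
);
CREATE TABLE BUSINESS_FUNCTION (
    BusinessFunctionID   INTEGER PRIMARY KEY,
    BusinessFunctionName TEXT NOT NULL UNIQUE
);
CREATE TABLE BUSINESS_FUNCTION_ACCESS (
    UserID             INTEGER NOT NULL REFERENCES USER(UserID),
    BusinessFunctionID INTEGER NOT NULL REFERENCES BUSINESS_FUNCTION(BusinessFunctionID),
    Allowed            TEXT NOT NULL CHECK (Allowed IN ('Y', 'N')),
    PRIMARY KEY (UserID, BusinessFunctionID)
);
"""


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def add_user(conn, name, password, is_controller=False):
    salt = secrets.token_bytes(16)
    cur = conn.execute(
        "INSERT INTO USER (UserName, UserPasswordSalt, UserPasswordHash, UserDataController) "
        "VALUES (?, ?, ?, ?)",
        (name, salt, _hash_password(password, salt), "Y" if is_controller else "N"))
    return cur.lastrowid


def grant(conn, user_id, function_name, allowed=True):
    """MAINTAIN BUSINESS FUNCTION ACCESSES (3.6.2): one row per user and function."""
    conn.execute("INSERT OR IGNORE INTO BUSINESS_FUNCTION (BusinessFunctionName) VALUES (?)",
                 (function_name,))
    fid = conn.execute("SELECT BusinessFunctionID FROM BUSINESS_FUNCTION "
                       "WHERE BusinessFunctionName = ?", (function_name,)).fetchone()[0]
    conn.execute("INSERT OR REPLACE INTO BUSINESS_FUNCTION_ACCESS VALUES (?, ?, ?)",
                 (user_id, fid, "Y" if allowed else "N"))


def login(conn, username, password, now):
    """LOGIN (3.12): returns a new SessionID, or None when the username is unknown or
    the password does not match. Both failures look the same to the caller."""
    row = conn.execute("SELECT UserID, UserPasswordSalt, UserPasswordHash FROM USER "
                       "WHERE UserName = ?", (username,)).fetchone()
    if row is None or not hmac.compare_digest(_hash_password(password, row[1]), row[2]):
        return None
    session_id = secrets.token_urlsafe(32)      # unique, unguessable SessionID
    conn.execute("UPDATE USER SET UserSessionID = ?, UserLastAccess = ? WHERE UserID = ?",
                 (session_id, now.isoformat(), row[0]))
    return session_id


def check_authority(conn, session_id, function_name, now):
    """CHECK AUTHORITY (3.13): returns (UserID, allowed); UserID is -1 when the
    SessionID is unknown or has expired through inactivity. A valid call refreshes
    UserLastAccess, as the USER table notes require."""
    row = conn.execute("SELECT UserID, UserLastAccess FROM USER WHERE UserSessionID = ?",
                       (session_id,)).fetchone()
    if row is None or now - datetime.fromisoformat(row[1]) > SESSION_TIMEOUT:
        return -1, False
    conn.execute("UPDATE USER SET UserLastAccess = ? WHERE UserID = ?", (now.isoformat(), row[0]))
    access = conn.execute(
        "SELECT bfa.Allowed FROM BUSINESS_FUNCTION_ACCESS bfa "
        "JOIN BUSINESS_FUNCTION bf ON bf.BusinessFunctionID = bfa.BusinessFunctionID "
        "WHERE bfa.UserID = ? AND bf.BusinessFunctionName = ?", (row[0], function_name)).fetchone()
    return row[0], access is not None and access[0] == "Y"   # no row means no access


def build_demo_db():
    """Constructed users: a Data Controller who may maintain access rights, and a Data
    Subject who may only enter Personal Data Items."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    ctrl = add_user(conn, "controller", "ctrl-pass-example", is_controller=True)
    subj = add_user(conn, "subject", "subj-pass-example")
    grant(conn, ctrl, "BUSINESS FUNCTION ACCESS")
    grant(conn, subj, "ENTRY OF PERSONAL DATA ITEM")
    grant(conn, subj, "BUSINESS FUNCTION ACCESS", allowed=False)
    return conn


def demo():
    """Walks the flows: a failed log-on, a successful one, an allowed and a refused
    Business Function, an unknown SessionID, and expiry after inactivity."""
    conn = build_demo_db()
    t0 = datetime(2024, 1, 1, 9, 0)
    bad = login(conn, "subject", "wrong-password", t0)
    sid = login(conn, "subject", "subj-pass-example", t0)
    return (
        bad,
        check_authority(conn, sid, "ENTRY OF PERSONAL DATA ITEM", t0),
        check_authority(conn, sid, "BUSINESS FUNCTION ACCESS", t0 + timedelta(minutes=5)),
        check_authority(conn, "not-a-session", "ENTRY OF PERSONAL DATA ITEM", t0),
        check_authority(conn, sid, "ENTRY OF PERSONAL DATA ITEM", t0 + timedelta(minutes=21)),
    )
```

Absence of a BUSINESS FUNCTION ACCESS row is treated as "no access" rather than as an error, and the unknown-username and wrong-password cases return the same value, so the Log-on page cannot be used to confirm which usernames exist.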






3.14 CHECK IF DATA CONTROLLER NOTIFICATION REQUIRED 
Overview 

This function determines whether the Business Function performed requires the Data Controller to be 
notified via e-mail. 

Primary User 
Data Subject 

Starting Point 

When a Data Subject performs a Business Function which affects the database. 
Ending Point 

When either the Data Controller has been notified that a Data Subject has performed a Business Function, 
or it is determined that no notification is required. 

Measurable Result 

Either the Data Controller is notified that a Data Subject has performed a Business Function, or it is 
determined that no notification is required. 

Flow of events 

Check the FUNCTION NOTIFICATION table to determine whether the Data Controller needs to be 
notified of this Business Function. 

If the Data Controller should be notified, generate and send an e-mail detailing the Business Function
performed by the Data Subject.

Alternative flow of events 
None. 
4. Data Model

4.1 Table Classification

All tables are classified into one of two main types.

• Data Subject Table: This carries information about the individual Data Subject.

• Maintenance Table: This is a table used to control access to the system or ensure correctness of 
information entered. 

4.2 Logical Entity Relationship Diagram

[Entity relationship diagram. The entities shown are: Business Function, Business Function Access,
Specified Processing, User, Data Subject, Default Processing, Data Item, Personal Data Item and
Function Notification.]

Key to Relationships:

Entity A to Entity B: A has a 1 to 0 or 1 relationship with B

Entity A to Entity B: A has a 1 to 0, 1 or many relationship with B

4.3 Logical Data Definitions 

The logical database entity definitions contain the following headings: 

• Item Description (with a * if it is the primary key or part of the primary key) 

• Optional/mandatory indicator

• Relationship — if this item relates to an entry on another entity 

• Notes 
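The Delete flows in section 3 (3.5.4, 3.9.4 and 3.10.4) each refuse to remove a record that another table still references, and the Optional/Mandatory column in the definitions that follow is, in database terms, the NOT NULL rule for each field. The following Python/sqlite3 example is added here and is not part of the specification. It renders the DATA ITEM, DEFAULT PROCESSING GROUP, FUNCTIONAL NOTIFICATION, DATA SUBJECT and PERSONAL DATA ITEM entities below as tables whose foreign keys and CHECK constraints enforce those rules in the database itself, so a delete that would orphan a Data Item is rejected even if the application code forgets to check. The USER table is reduced to its key and name, DataSubjectSpecifiedProcessingAgreedDate is left nullable because 3.1 sets it to NULL when consent is withdrawn, and the sample rows are constructed.

```python
import sqlite3

# Constructed DDL for the section 4.3 entities: M columns are NOT NULL, O columns are
# nullable. The FUNCTIONAL NOTIFICATION rule "UserID mandatory if Required is Y" is a
# CHECK constraint; "user must be a Data Controller" still needs application code.
SCHEMA = """
CREATE TABLE USER (UserID INTEGER PRIMARY KEY, UserName TEXT NOT NULL UNIQUE);
CREATE TABLE DEFAULT_PROCESSING_GROUP (
    DefaultProcessingGroupID INTEGER PRIMARY KEY,
    DefaultProcessingGroupTitle TEXT NOT NULL,
    DefaultProcessingGroupConsentDefault TEXT NOT NULL DEFAULT 'N'
        CHECK (DefaultProcessingGroupConsentDefault IN ('Y', 'N'))
);
CREATE TABLE FUNCTIONAL_NOTIFICATION (
    FunctionalNotificationID INTEGER PRIMARY KEY,
    FunctionalNotificationTitle TEXT NOT NULL,
    FunctionalNotificationRequired TEXT NOT NULL DEFAULT 'Y'
        CHECK (FunctionalNotificationRequired IN ('Y', 'N')),
    UserID INTEGER REFERENCES USER(UserID),
    CHECK (FunctionalNotificationRequired = 'N' OR UserID IS NOT NULL)
);
CREATE TABLE DATA_ITEM (
    DataItemID INTEGER PRIMARY KEY,
    DataItemName TEXT NOT NULL,
    FunctionalNotificationID INTEGER NOT NULL
        REFERENCES FUNCTIONAL_NOTIFICATION(FunctionalNotificationID),
    DefaultProcessingGroupID INTEGER NOT NULL
        REFERENCES DEFAULT_PROCESSING_GROUP(DefaultProcessingGroupID)
);
CREATE TABLE DATA_SUBJECT (
    DataSubjectID INTEGER PRIMARY KEY,
    DataSubjectName TEXT NOT NULL,
    UserID INTEGER NOT NULL REFERENCES USER(UserID),
    DataSubjectSpecifiedProcessingAgreed TEXT NOT NULL DEFAULT 'N'
        CHECK (DataSubjectSpecifiedProcessingAgreed IN ('Y', 'N')),
    DataSubjectSpecifiedProcessingAgreedDate TEXT
);
CREATE TABLE PERSONAL_DATA_ITEM (
    DataSubjectID INTEGER NOT NULL REFERENCES DATA_SUBJECT(DataSubjectID),
    DataItemID INTEGER NOT NULL REFERENCES DATA_ITEM(DataItemID),
    PersonalDataItem TEXT NOT NULL,
    DateLastCorrect TEXT NOT NULL,
    LastChangedBy INTEGER NOT NULL REFERENCES USER(UserID),
    LastChangedOn TEXT,
    Consent TEXT CHECK (Consent IN ('Y', 'N')),
    PRIMARY KEY (DataSubjectID, DataItemID)
);
"""


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")     # sqlite does not enforce FKs by default
    conn.executescript(SCHEMA)
    # Constructed sample rows: one group, one notification, one Data Item using both.
    conn.execute("INSERT INTO USER VALUES (1, 'controller')")
    conn.execute("INSERT INTO DEFAULT_PROCESSING_GROUP VALUES (1, 'Contact details', 'N')")
    conn.execute("INSERT INTO FUNCTIONAL_NOTIFICATION VALUES (1, 'Address change', 'Y', 1)")
    conn.execute("INSERT INTO DATA_ITEM VALUES (1, 'Postcode', 1, 1)")
    return conn


def delete_default_processing_group(conn, group_id):
    """3.10.4 Delete: the foreign key from DATA ITEM makes the database refuse the
    delete while any Data Item still uses the group. Returns True only on success."""
    try:
        cur = conn.execute("DELETE FROM DEFAULT_PROCESSING_GROUP "
                           "WHERE DefaultProcessingGroupID = ?", (group_id,))
        return cur.rowcount == 1
    except sqlite3.IntegrityError:
        return False


def delete_data_item(conn, item_id):
    """3.9.4 Delete: refused while a PERSONAL DATA ITEM still references the item."""
    try:
        cur = conn.execute("DELETE FROM DATA_ITEM WHERE DataItemID = ?", (item_id,))
        return cur.rowcount == 1
    except sqlite3.IntegrityError:
        return False


def add_functional_notification(conn, title, required, user_id):
    """3.5.2 Add: a notification that is Required but names no user, or names a user
    that does not exist, fails a constraint and is rejected."""
    try:
        conn.execute("INSERT INTO FUNCTIONAL_NOTIFICATION (FunctionalNotificationTitle, "
                     "FunctionalNotificationRequired, UserID) VALUES (?, ?, ?)",
                     (title, required, user_id))
        return True
    except sqlite3.IntegrityError:
        return False
```

Keeping the "not in use" rule in the schema means the batch loader of 3.11, which bypasses the online checks, is bound by the same referential rules as the web-facing functions.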
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DATA ITEM 


Defines a data item 




Item description 


Optional/ 
Mandatory 


Foreign Key 


Notes 


* DacaltcmID 


M 




Data Item number used as the internal key to 
the system - system generated 


DataltemName 


M 






FunctionalNotificationlD 


M 


FunctionalNotiftcation 




DcfaultProcessingGroupID 


L M 


DefaultProcessingGroup 





DATA SUBJECT 


Holds the basic information for each Data Subject on the system 




Optional/ 
Mandatory 


Foreign Key • j 
relating- to: 


Notes 


* DataSubjcctlD 


M 




Data Subject number used as the internal key 
to the system - system generated 


DataSubjcctName 


M 






UserlD 


M 


User (User ID) 




DataSubjectSpccificdProcessuigAgrced 


M 




Y if agreed to specified processing; N if not; 
default is N 


DataSub j ectSp ccificdProccssingAgrcedDatc 


M 




Date that the Data Subject agreed to the 
Specified Processing terms 



DEFAULT PROCESSING GROUP 


Allows default c 


onsents to be set up for a grou 


p of data items 


item description • . : 


Opdonal/ : 
Mandatory 


Foreign Key relating 


Notes 

• 


* DcfaultProcessingGroupID 


M 






DefaultProcessingGroupTitle 


M 






D ef ault ProcessineGro up Co nscntD ef ault 


M 




Y or N; default is N j 




FUNCTIONAL NOTIFICATION

Controls whether e-mails are sent to the Data Controller when a Personal Data Item
is changed by the Data Subject, and to which address they are sent

Item description                 Optional/   Foreign Key   Notes
                                 Mandatory   relating to
* FunctionalNotificationID       M
FunctionalNotificationTitle      M
FunctionalNotificationRequired   M                         Y if changes are to be notified; N if not;
                                                           default is Y
UserID                           O           User          User to whom e-mail will be addressed.
                                                           Mandatory if required is Y, and the user
                                                           must be a Data Controller



PERSONAL DATA ITEM

Contains the Personal Data Item of a Data Subject

Item description   Optional/   Foreign Key      Notes
                   Mandatory   relating to
* DataSubjectID    M           Data Subject
* DataItemID       M           Data Item
PersonalDataItem   M
DateLastCorrect    M                            Full date and time stamp
LastChangedBy      M           User (User ID)
LastChangedOn      O                            Date field - time held as zeros
Consent            O                            Y or N; if not set, use the display default



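As an added example that is not part of this specification, the following SQLite script expresses a subset of these definitions (the DEFAULT PROCESSING GROUP, DATA ITEM and PERSONAL DATA ITEM entities, with their Y/N indicators and foreign keys) and resolves the effective consent for one Data Subject: an explicit Y or N held on the Personal Data Item, otherwise the ConsentDefault of the Data Item's Default Processing Group, which is how the "not set, use default" note on Consent is read here. The sample groups, items, subjects and values are constructed assumptions.

```python
import sqlite3

# Added example, not the specification's own code: a subset of the logical
# data model as SQLite DDL, plus the consent rule from PERSONAL DATA ITEM.
SCHEMA = """
CREATE TABLE DefaultProcessingGroup (
    DefaultProcessingGroupID INTEGER PRIMARY KEY,
    DefaultProcessingGroupTitle TEXT NOT NULL,
    DefaultProcessingGroupConsentDefault TEXT NOT NULL DEFAULT 'N'
        CHECK (DefaultProcessingGroupConsentDefault IN ('Y', 'N')));
CREATE TABLE DataItem (
    DataItemID INTEGER PRIMARY KEY,
    DataItemName TEXT NOT NULL,
    DefaultProcessingGroupID INTEGER NOT NULL
        REFERENCES DefaultProcessingGroup (DefaultProcessingGroupID));
CREATE TABLE PersonalDataItem (
    DataSubjectID INTEGER NOT NULL,
    DataItemID INTEGER NOT NULL REFERENCES DataItem (DataItemID),
    PersonalDataItem TEXT NOT NULL,
    Consent TEXT CHECK (Consent IN ('Y', 'N')),  -- NULL means "not set"
    PRIMARY KEY (DataSubjectID, DataItemID));
"""
# An explicit per-item Consent wins; an unset (NULL) value falls back to
# the ConsentDefault of the Default Processing Group of that Data Item.
EFFECTIVE_CONSENT = """
SELECT d.DataItemName, COALESCE(p.Consent, g.DefaultProcessingGroupConsentDefault)
FROM PersonalDataItem p
JOIN DataItem d ON d.DataItemID = p.DataItemID
JOIN DefaultProcessingGroup g ON g.DefaultProcessingGroupID = d.DefaultProcessingGroupID
WHERE p.DataSubjectID = ?
"""

def build_sample_db():
    """Constructed sample data: hypothetical groups, items and subjects."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # enforce the REFERENCES above
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO DefaultProcessingGroup VALUES (?, ?, ?)",
                     [(1, "Marketing", "N"), (2, "Service delivery", "Y")])
    conn.executemany("INSERT INTO DataItem VALUES (?, ?, ?)",
                     [(1, "Email", 2), (2, "Hobbies", 1), (3, "Phone", 1)])
    conn.executemany("INSERT INTO PersonalDataItem VALUES (?, ?, ?, ?)",
                     [(1, 1, "ann@example.test", None),  # unset -> group Y
                      (1, 2, "chess", "Y"),              # explicit Y
                      (1, 3, "555-0100", None),          # unset -> group N
                      (2, 1, "bob@example.test", "N")])  # explicit N beats Y
    return conn

def effective_consent(conn, data_subject_id):
    """Map DataItemName -> 'Y' or 'N' for one Data Subject."""
    return dict(conn.execute(EFFECTIVE_CONSENT, (data_subject_id,)))
```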
SPECIFIED PROCESSING

Defines the specified processing text to be displayed. Contains only one row and is
only accessed by the Data Controller

Item description          Optional/   Foreign Key      Notes
                          Mandatory   relating to
* SpecifiedProcessingID   M                            The value 1
SpecifiedProcessingText   M
LastChangedBy             M           User (User ID)   The user will be a Data Controller
LastChangedOn             O                            Date field - time held as zeros
USER

Contains user-related details

Item description           Optional/   Foreign Key   Notes
                           Mandatory   relating to
* UserID                   M                         System generated
UserName                   M                         Unique name that the user uses to sign
                                                     on to the system
UserPassword               M                         Held encrypted on the database
UserSessionID              O                         Unique Session ID generated by the
                                                     system at each successful log-on
UserLastAccess             O                         A timestamp entry updated each time
                                                     this user accesses a Business Function
UserDataController         O                         Y if user is Data Controller
UserDataSubject            O                         Y if user is Data Subject
UserDataControllerE-mail   O                         E-mail address of Data Controller
UserForcePasswordChange    M                         Y requires password change by user; N
                                                     does not require change of password


